A. Field of the Invention
This invention relates generally to information security and, more particularly, to improved methods and apparatus for selecting information security solutions based on a multitude of parameters.
B. Description of the Related Art
The number of entities using the Internet and the World Wide Web for all types of business solutions is growing rapidly. At the same time, the need for increased internal security around corporate information systems is also increasing due, in part, to the increased penetration of information systems. Increasing physical security is often not the only solution especially if the business allows access not just to employees, but to personnel outside the organization such as vendors, contractors, and temporary employees.
One common solution to information security risks is to protect information using firewalls. A firewall is a combination of hardware and software that limits the exposure of a computer or group of computers to attacks from the outside. Firewalls provide a single point of entry to protect network resources from unauthorized access. A firewall may comprise, for example, application proxies, access control lists, logging capabilities, or filtering. Relying solely on firewall perimeter protection is often inadequate. Furthermore, firewalls frequently hinder business plans to communicate electronically between customers, suppliers, and business partners.
Other existing security countermeasures include password protection, encryption, and fireridges. A fireridge is essentially a limited firewall operating on an internal network, such as an intranet, and can contain filters, application proxies, and other means for shielding computers from other computers on the internal network. Each of these security countermeasures used alone may be inefficient in part because they were not designed for use with corporate networks or because security holes exist in the overall systems implementation.
Evaluating an organization""s overall system of security measures on an application by application basis is very expensive and often difficult. Interpretation of the results of a security risk assessment is often unreliable and subjective because they are conducted by human auditors who may have varying degrees of expertise in systems security engineering and may unknowingly focus on one area of the system more than another. Additionally, conventional risk assessments are often expressed in terms of estimated loss calculated without using formulas or historical data. Consequently, entities in the business of managing risk exposure, such as corporate management or insurance service groups, have few actual tools to use in estimating loss. Furthermore, conventional risk assessment tools, such as annual loss expectancy, do not assist organizations in selecting a less risky security model.
The security of large corporate networks is particularly challenging to assess for many reasons. The networks may have hundreds of different applications systems and servers, thousands of user accounts, and exchange billions of bytes of information with the Internet every day. The sheer volume of users and transactions make it more difficult to design and monitor a secure architecture. The process of inventorying an organization""s application systems, the current level of security measures implemented by the organization, and even the applications architecture can be a daunting task. Moreover, once this information is collected, the information is difficult to keep current with the dynamism of the corporation is a difficult task. Without automation, therefore, the task of risk analysis can be further complex and very time consuming to do well.
Therefore, a need exists for an improved method of assessing the information security of large corporate systems in a manner that is based on best industry practices and principles and is reliable, repeatable, cost efficient, and consistent from system to system. Furthermore, a need exists for a method of selecting a security model based on the assessment.
In accordance with the invention, systems and methods consistent with the present invention create a security model for an organization operating an application on a computer network to protect the application from attack by unauthorized sources. A current countermeasure strength level and a recommended countermeasure strength level are determined for each of at least one countermeasure based on input data and security risk data. A security model including at least one countermeasure and a corresponding strength level is determined based on the current and the recommended strength levels.